85% of Software Projects Include Out-of-Date Open Source

By Adrian Bridgwater, February 01, 2013

White Source claims huge proportion of customers' libraries are out of date

White Source says that 85% of all software projects loaded to its lifecycle management service by new customers included at least one out-of-date open source component. In response, the firm says, it proactively alerts customers whenever new versions that patch bugs and security issues become available. Across all customers, 14% of the libraries in use are out of date.

The firm suggests that the reason for this gap is that most software developers lack the tools (or the motivation) to continuously monitor new releases of the open source components they use. White Source provides a service that automatically alerts customers whenever an open source module in their "inventory" has a newer version.

From a security perspective, open source code is openly available for attackers to analyze for vulnerabilities. Further, while the community often fixes security issues quickly, the fix itself reveals the issue being addressed, so anyone who has not updated to the patched version is at increased risk of exploitation.

To address this issue, the White Source Open Source Lifecycle Management service sets out to provide customers with real-time proactive alerts whenever a new version is available for an open source module they use. Importantly, the alerts are limited and specific for a given customer and a given project, eliminating unnecessary sifting work.
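To make the inventory-and-alert idea concrete, here is a small Python script, added here as an example and not White Source's code, that parses a Maven pom.xml into a project-specific inventory and flags only those dependencies that lag behind the newest known release. The pom and the "latest release" table are constructed sample data; a real tool would fetch the latter from Maven Central or the monitoring service.

```python
"""
Added example (not White Source's code): build a project-specific inventory of
Maven dependencies from a pom.xml and report which ones are behind the newest
known release. LATEST is a constructed stand-in for a registry or vendor feed.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample pom.xml (not from any real project).
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>demo</artifactId>
  <version>1.0</version>
  <properties>
    <commons.version>3.1</commons.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-lang3</artifactId>
      <version>${commons.version}</version>
    </dependency>
    <dependency>
      <groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId>
      <version>2.9.10</version>
    </dependency>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.13.2</version>
      <scope>test</scope>
    </dependency>
  </dependencies>
</project>
"""

# Constructed "newest known release" feed; illustrative values, not live lookups.
LATEST = {
    "org.apache.commons:commons-lang3": "3.12.0",
    "com.fasterxml.jackson.core:jackson-databind": "2.9.10.8",
    "junit:junit": "4.13.2",
}

NS = {"m": "http://maven.apache.org/POM/4.0.0"}


def version_key(v):
    """Turn '2.9.10.8' or '1.0-rc1' into a comparable key: numeric parts as ints
    (trailing zeros dropped so 3.1 == 3.1.0), and a qualifier such as rc1 that
    sorts below the bare release it precedes."""
    nums, qual = [], ""
    for part in re.split(r"[.\-]", v):
        if part.isdigit():
            nums.append(int(part))
        else:
            qual = part
            break
    while nums and nums[-1] == 0:
        nums.pop()
    return (nums, 0 if qual else 1, qual)


def inventory(pom_xml):
    """Return {'group:artifact': version} for every dependency, resolving
    ${property} references from the <properties> block."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    inv = {}
    for dep in root.findall("m:dependencies/m:dependency", NS):
        group = dep.findtext("m:groupId", namespaces=NS)
        artifact = dep.findtext("m:artifactId", namespaces=NS)
        version = dep.findtext("m:version", default="", namespaces=NS).strip()
        version = re.sub(r"\$\{([^}]+)\}",
                         lambda m: props.get(m.group(1), m.group(0)), version)
        inv[f"{group}:{artifact}"] = version
    return inv


def outdated(inv, latest):
    """Alert only on coordinates in this project's inventory, and only when a
    strictly newer release is known; unknown components produce no alert."""
    report = []
    for coord, have in inv.items():
        newest = latest.get(coord)
        if newest is not None and version_key(have) < version_key(newest):
            report.append((coord, have, newest))
    return report


if __name__ == "__main__":
    for coord, have, newest in outdated(inventory(SAMPLE_POM), LATEST):
        print(f"{coord}: {have} -> {newest}")
```

Because the check is driven by the project's own pom.xml, it only raises alerts for components that project actually uses, which is the "project-specific inventory" property the article attributes to the service. The version comparison is deliberately simple; Maven's full ordering rules for qualifiers are more involved.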

According to White Source CEO Rami Sass, "White Source does not alert falsely or unnecessarily since our project-specific inventory is always updated through our integration with development tools. We currently provide plug-ins for Apache Maven and Ant, Jenkins, JetBrains TeamCity, Red Hat OpenShift, and JFrog Artifactory."

The firm says that its objective is to reduce the burden currently placed on rank-and-file developers, while providing decision-makers with the tools to understand the legal, business, and technical risks of specific open source libraries, and to comply with their licensing requirements.
